

See GI Joe? CGI?
`jh2i.com:50008/cgi-bin/`

Doing some enumeration lead me to:
`jh2i.com:50008/?-s`
Which allows grabbing of the source code in older versions of PHP

CVE-2012-1823
[https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-1823](https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-1823)
There's a metasploit module to speed up this process


---
Back to [[_WebSite Publish/CTF/CTF Index|CTF Index]]
Tags: #ctf #php #cgi #web
Related: